Anyone else blacklisted this morning by rbl.iprange.net?
I woke up this morning to a barrage of complaints from users that our mail servers' outbound emails are bouncing due to a blacklisting. Sure enough, mxtoolbox.com<http://mxtoolbox.com> reports that rbl.iprange.net<http://rbl.iprange.net> has blacklisted us for more than a day. However, looking up our address on the rbl.iprange.net<http://rbl.iprange.net> lookup webpage shows we're NOT listed. But a check of the RBL's DNS shows that we are. Then I found this on the rbl.iprange.net<http://rbl.iprange.net> owner's website (): "rbl.iprange.net<http://rbl.iprange.net> (is offline since 01-01-2018) please replace it with rbl.realtimeblacklist.com<http://rbl.realtimeblacklist.com> rbl.iprange.net<http://rbl.iprange.net> will mark every ip address as listed to force removal of this server." What the heck? I've tried contacting realtimeblacklisk.com<http://realtimeblacklisk.com>, but they're in the Netherlands and apparently fast asleep (in more ways than one, it seems). -mel beckman
We had a Charter IP address we don’t actually send email from (it is a backup line that would only send mail if our primary line was down) Blacklisted by these guys at 10:50am EST on 1/1/18, then removed at 3:34pm EST on 1/1/18. MXToolBox alerted us to it, I ran a manual check on their portal, which is supposed to be http://iprange.net/rbl/lookup/ but redirects to https://realtimeblacklist.com/lookup/ and it came back not listed. Since it was a line I knew we were not mailing from anyways I figured I would just deal with it in the morning, but it had cleared itself up by then. First time I had ever even heard of this one. Good luck! -----Original Message----- From: NANOG [mailto:nanog-bounces+dannschuler=hotmail.com@nanog.org] On Behalf Of Mel Beckman Sent: Tuesday, January 2, 2018 11:46 AM To: nanog@nanog.org Subject: Anyone else blacklisted this morning by rbl.iprange.net? I woke up this morning to a barrage of complaints from users that our mail servers' outbound emails are bouncing due to a blacklisting. Sure enough, mxtoolbox.com<https://nam03.safelinks.protection.outlook.com/?url=http%3A%2F%2Fmxtoolbox.com&data=02%7C01%7C%7Cc63480c7f9a94b13c1bd08d552007f81%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C636505084442000619&sdata=Bdwc8tlrQa0NnUQfeTlsM%2BNSzL5fqQi8yDUBoP2tSw8%3D&reserved=0> reports that rbl.iprange.net<https://nam03.safelinks.protection.outlook.com/?url=http%3A%2F%2Frbl.iprange.net&data=02%7C01%7C%7Cc63480c7f9a94b13c1bd08d552007f81%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C636505084442000619&sdata=1o3%2FMYkyOIXRdJg3m5SE2weuwbyvI%2FDXaF1ux6wenxU%3D&reserved=0> has blacklisted us for more than a day. However, looking up our address on the rbl.iprange.net<https://nam03.safelinks.protection.outlook.com/?url=http%3A%2F%2Frbl.iprange.net&data=02%7C01%7C%7Cc63480c7f9a94b13c1bd08d552007f81%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C636505084442000619&sdata=1o3%2FMYkyOIXRdJg3m5SE2weuwbyvI%2FDXaF1ux6wenxU%3D&reserved=0> lookup webpage shows we're NOT listed. But a check of the RBL's DNS shows that we are. Then I found this on the rbl.iprange.net<https://nam03.safelinks.protection.outlook.com/?url=http%3A%2F%2Frbl.iprange.net&data=02%7C01%7C%7Cc63480c7f9a94b13c1bd08d552007f81%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C636505084442000619&sdata=1o3%2FMYkyOIXRdJg3m5SE2weuwbyvI%2FDXaF1ux6wenxU%3D&reserved=0> owner's website (): "rbl.iprange.net<https://nam03.safelinks.protection.outlook.com/?url=http%3A%2F%2Frbl.iprange.net&data=02%7C01%7C%7Cc63480c7f9a94b13c1bd08d552007f81%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C636505084442000619&sdata=1o3%2FMYkyOIXRdJg3m5SE2weuwbyvI%2FDXaF1ux6wenxU%3D&reserved=0> (is offline since 01-01-2018) please replace it with rbl.realtimeblacklist.com<https://nam03.safelinks.protection.outlook.com/?url=http%3A%2F%2Frbl.realtimeblacklist.com&data=02%7C01%7C%7Cc63480c7f9a94b13c1bd08d552007f81%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C636505084442000619&sdata=ClOK3bagRxJ2%2BS%2BJMfr2PuNNdzJcfC6cHDRdrOhqohM%3D&reserved=0> rbl.iprange.net<https://nam03.safelinks.protection.outlook.com/?url=http%3A%2F%2Frbl.iprange.net&data=02%7C01%7C%7Cc63480c7f9a94b13c1bd08d552007f81%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C636505084442000619&sdata=1o3%2FMYkyOIXRdJg3m5SE2weuwbyvI%2FDXaF1ux6wenxU%3D&reserved=0> will mark every ip address as listed to force removal of this server." What the heck? I've tried contacting realtimeblacklisk.com<https://nam03.safelinks.protection.outlook.com/?url=http%3A%2F%2Frealtimeblacklisk.com&data=02%7C01%7C%7Cc63480c7f9a94b13c1bd08d552007f81%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C636505084442000619&sdata=vCuDN2O4BvqZ9CZMiybGz63jRafY9zO%2FR%2F3skxVeKTo%3D&reserved=0>, but they're in the Netherlands and apparently fast asleep (in more ways than one, it seems). -mel beckman
Apparently they're widely used by firewall-based anti spam, as we seem to be getting blocked a lot by Juniper, Sonicwall, and Palo Alto firewalls. The outfit is listed in https://en.m.wikipedia.org/wiki/Comparison_of_DNS_blacklists, but seem to have very poor communication options (e.g., WhoIs is obscured). Why don't they just quit answering DNS queries at rbl.iprange.net? Sheesh! -mel
On Jan 2, 2018, at 8:58 AM, Dann Schuler <DannSchuler@hotmail.com> wrote:
We had a Charter IP address we don’t actually send email from (it is a backup line that would only send mail if our primary line was down) Blacklisted by these guys at 10:50am EST on 1/1/18, then removed at 3:34pm EST on 1/1/18.
MXToolBox alerted us to it, I ran a manual check on their portal, which is supposed to be http://iprange.net/rbl/lookup/ but redirects to https://realtimeblacklist.com/lookup/ and it came back not listed. Since it was a line I knew we were not mailing from anyways I figured I would just deal with it in the morning, but it had cleared itself up by then.
First time I had ever even heard of this one.
Good luck!
-----Original Message----- From: NANOG [mailto:nanog-bounces+dannschuler=hotmail.com@nanog.org] On Behalf Of Mel Beckman Sent: Tuesday, January 2, 2018 11:46 AM To: nanog@nanog.org Subject: Anyone else blacklisted this morning by rbl.iprange.net?
I woke up this morning to a barrage of complaints from users that our mail servers' outbound emails are bouncing due to a blacklisting. Sure enough, mxtoolbox.com<https://nam03.safelinks.protection.outlook.com/?url=http%3A%2F%2Fmxtoolbox.com&data=02%7C01%7C%7Cc63480c7f9a94b13c1bd08d552007f81%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C636505084442000619&sdata=Bdwc8tlrQa0NnUQfeTlsM%2BNSzL5fqQi8yDUBoP2tSw8%3D&reserved=0> reports that rbl.iprange.net<https://nam03.safelinks.protection.outlook.com/?url=http%3A%2F%2Frbl.iprange.net&data=02%7C01%7C%7Cc63480c7f9a94b13c1bd08d552007f81%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C636505084442000619&sdata=1o3%2FMYkyOIXRdJg3m5SE2weuwbyvI%2FDXaF1ux6wenxU%3D&reserved=0> has blacklisted us for more than a day. However, looking up our address on the rbl.iprange.net<https://nam03.safelinks.protection.outlook.com/?url=http%3A%2F%2Frbl.iprange.net&data=02%7C01%7C%7Cc63480c7f9a94b13c1bd08d552007f81%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C636505084442000619&sdata=1o3%2FMYkyOIXRdJg3m5SE2weuwbyvI%2FDXaF1ux6wenxU%3D&reserved=0> lookup webpage shows we're NOT listed. But a check of the RBL's DNS shows that we are. Then I found this on the rbl.iprange.net<https://nam03.safelinks.protection.outlook.com/?url=http%3A%2F%2Frbl.iprange.net&data=02%7C01%7C%7Cc63480c7f9a94b13c1bd08d552007f81%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C636505084442000619&sdata=1o3%2FMYkyOIXRdJg3m5SE2weuwbyvI%2FDXaF1ux6wenxU%3D&reserved=0> owner's website ():
"rbl.iprange.net<https://nam03.safelinks.protection.outlook.com/?url=http%3A%2F%2Frbl.iprange.net&data=02%7C01%7C%7Cc63480c7f9a94b13c1bd08d552007f81%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C636505084442000619&sdata=1o3%2FMYkyOIXRdJg3m5SE2weuwbyvI%2FDXaF1ux6wenxU%3D&reserved=0> (is offline since 01-01-2018) please replace it with rbl.realtimeblacklist.com<https://nam03.safelinks.protection.outlook.com/?url=http%3A%2F%2Frbl.realtimeblacklist.com&data=02%7C01%7C%7Cc63480c7f9a94b13c1bd08d552007f81%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C636505084442000619&sdata=ClOK3bagRxJ2%2BS%2BJMfr2PuNNdzJcfC6cHDRdrOhqohM%3D&reserved=0> rbl.iprange.net<https://nam03.safelinks.protection.outlook.com/?url=http%3A%2F%2Frbl.iprange.net&data=02%7C01%7C%7Cc63480c7f9a94b13c1bd08d552007f81%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C636505084442000619&sdata=1o3%2FMYkyOIXRdJg3m5SE2weuwbyvI%2FDXaF1ux6wenxU%3D&reserved=0> will mark every ip address as listed to force removal of this server."
What the heck? I've tried contacting realtimeblacklisk.com<https://nam03.safelinks.protection.outlook.com/?url=http%3A%2F%2Frealtimeblacklisk.com&data=02%7C01%7C%7Cc63480c7f9a94b13c1bd08d552007f81%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C636505084442000619&sdata=vCuDN2O4BvqZ9CZMiybGz63jRafY9zO%2FR%2F3skxVeKTo%3D&reserved=0>, but they're in the Netherlands and apparently fast asleep (in more ways than one, it seems).
-mel beckman
As the message said, they use this to force mx admins to remove their entry to stop hammering. I remember other lists did the same. Contact the remote mx admin in order to get this fixed.
Op 2 jan. 2018 om 17:57 heeft Dann Schuler <DannSchuler@hotmail.com> het volgende geschreven:
We had a Charter IP address we don’t actually send email from (it is a backup line that would only send mail if our primary line was down) Blacklisted by these guys at 10:50am EST on 1/1/18, then removed at 3:34pm EST on 1/1/18.
MXToolBox alerted us to it, I ran a manual check on their portal, which is supposed to be http://iprange.net/rbl/lookup/ but redirects to https://realtimeblacklist.com/lookup/ and it came back not listed. Since it was a line I knew we were not mailing from anyways I figured I would just deal with it in the morning, but it had cleared itself up by then.
First time I had ever even heard of this one.
Good luck!
-----Original Message----- From: NANOG [mailto:nanog-bounces+dannschuler=hotmail.com@nanog.org] On Behalf Of Mel Beckman Sent: Tuesday, January 2, 2018 11:46 AM To: nanog@nanog.org Subject: Anyone else blacklisted this morning by rbl.iprange.net?
I woke up this morning to a barrage of complaints from users that our mail servers' outbound emails are bouncing due to a blacklisting. Sure enough, mxtoolbox.com<https://nam03.safelinks.protection.outlook.com/?url=http%3A%2F%2Fmxtoolbox.com&data=02%7C01%7C%7Cc63480c7f9a94b13c1bd08d552007f81%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C636505084442000619&sdata=Bdwc8tlrQa0NnUQfeTlsM%2BNSzL5fqQi8yDUBoP2tSw8%3D&reserved=0> reports that rbl.iprange.net<https://nam03.safelinks.protection.outlook.com/?url=http%3A%2F%2Frbl.iprange.net&data=02%7C01%7C%7Cc63480c7f9a94b13c1bd08d552007f81%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C636505084442000619&sdata=1o3%2FMYkyOIXRdJg3m5SE2weuwbyvI%2FDXaF1ux6wenxU%3D&reserved=0> has blacklisted us for more than a day. However, looking up our address on the rbl.iprange.net<https://nam03.safelinks.protection.outlook.com/?url=http%3A%2F%2Frbl.iprange.net&data=02%7C01%7C%7Cc63480c7f9a94b13c1bd08d552007f81%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C636505084442000619&sdata=1o3%2FMYkyOIXRdJg3m5SE2weuwbyvI%2FDXaF1ux6wenxU%3D&reserved=0> lookup webpage shows we're NOT listed. But a check of the RBL's DNS shows that we are. Then I found this on the rbl.iprange.net<https://nam03.safelinks.protection.outlook.com/?url=http%3A%2F%2Frbl.iprange.net&data=02%7C01%7C%7Cc63480c7f9a94b13c1bd08d552007f81%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C636505084442000619&sdata=1o3%2FMYkyOIXRdJg3m5SE2weuwbyvI%2FDXaF1ux6wenxU%3D&reserved=0> owner's website ():
"rbl.iprange.net<https://nam03.safelinks.protection.outlook.com/?url=http%3A%2F%2Frbl.iprange.net&data=02%7C01%7C%7Cc63480c7f9a94b13c1bd08d552007f81%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C636505084442000619&sdata=1o3%2FMYkyOIXRdJg3m5SE2weuwbyvI%2FDXaF1ux6wenxU%3D&reserved=0> (is offline since 01-01-2018) please replace it with rbl.realtimeblacklist.com<https://nam03.safelinks.protection.outlook.com/?url=http%3A%2F%2Frbl.realtimeblacklist.com&data=02%7C01%7C%7Cc63480c7f9a94b13c1bd08d552007f81%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C636505084442000619&sdata=ClOK3bagRxJ2%2BS%2BJMfr2PuNNdzJcfC6cHDRdrOhqohM%3D&reserved=0> rbl.iprange.net<https://nam03.safelinks.protection.outlook.com/?url=http%3A%2F%2Frbl.iprange.net&data=02%7C01%7C%7Cc63480c7f9a94b13c1bd08d552007f81%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C636505084442000619&sdata=1o3%2FMYkyOIXRdJg3m5SE2weuwbyvI%2FDXaF1ux6wenxU%3D&reserved=0> will mark every ip address as listed to force removal of this server."
What the heck? I've tried contacting realtimeblacklisk.com<https://nam03.safelinks.protection.outlook.com/?url=http%3A%2F%2Frealtimeblacklisk.com&data=02%7C01%7C%7Cc63480c7f9a94b13c1bd08d552007f81%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C636505084442000619&sdata=vCuDN2O4BvqZ9CZMiybGz63jRafY9zO%2FR%2F3skxVeKTo%3D&reserved=0>, but they're in the Netherlands and apparently fast asleep (in more ways than one, it seems).
-mel beckman
I did finally reach someone at realtimeblacklist.com. They've just today shut down the bogus DNS RBL and said they realize now it was a terrible idea. They read and now understand the RBL RFC and promised not to do it again. I appreciate them taking the time to respond, and hopefully they'll also improve their communication channels (such as putting meaningful contact info in their WhoIs. It's ironic that an anti-spam operator, of all people, would hide this info!) -mel
On Jan 2, 2018, at 2:04 PM, Alexander Maassen <outsider@scarynet.org> wrote:
As the message said, they use this to force mx admins to remove their entry to stop hammering. I remember other lists did the same. Contact the remote mx admin in order to get this fixed.
Op 2 jan. 2018 om 17:57 heeft Dann Schuler <DannSchuler@hotmail.com> het volgende geschreven:
We had a Charter IP address we don’t actually send email from (it is a backup line that would only send mail if our primary line was down) Blacklisted by these guys at 10:50am EST on 1/1/18, then removed at 3:34pm EST on 1/1/18.
MXToolBox alerted us to it, I ran a manual check on their portal, which is supposed to be http://iprange.net/rbl/lookup/ but redirects to https://realtimeblacklist.com/lookup/ and it came back not listed. Since it was a line I knew we were not mailing from anyways I figured I would just deal with it in the morning, but it had cleared itself up by then.
First time I had ever even heard of this one.
Good luck!
-----Original Message----- From: NANOG [mailto:nanog-bounces+dannschuler=hotmail.com@nanog.org] On Behalf Of Mel Beckman Sent: Tuesday, January 2, 2018 11:46 AM To: nanog@nanog.org Subject: Anyone else blacklisted this morning by rbl.iprange.net?
I woke up this morning to a barrage of complaints from users that our mail servers' outbound emails are bouncing due to a blacklisting. Sure enough, mxtoolbox.com<https://nam03.safelinks.protection.outlook.com/?url=http%3A%2F%2Fmxtoolbox.com&data=02%7C01%7C%7Cc63480c7f9a94b13c1bd08d552007f81%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C636505084442000619&sdata=Bdwc8tlrQa0NnUQfeTlsM%2BNSzL5fqQi8yDUBoP2tSw8%3D&reserved=0> reports that rbl.iprange.net<https://nam03.safelinks.protection.outlook.com/?url=http%3A%2F%2Frbl.iprange.net&data=02%7C01%7C%7Cc63480c7f9a94b13c1bd08d552007f81%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C636505084442000619&sdata=1o3%2FMYkyOIXRdJg3m5SE2weuwbyvI%2FDXaF1ux6wenxU%3D&reserved=0> has blacklisted us for more than a day. However, looking up our address on the rbl.iprange.net<https://nam03.safelinks.protection.outlook.com/?url=http%3A%2F%2Frbl.iprange.net&data=02%7C01%7C%7Cc63480c7f9a94b13c1bd08d552007f81%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C636505084442000619&sdata=1o3%2FMYkyOIXRdJg3m5SE2weuwbyvI%2FDXaF1ux6wenxU%3D&reserved=0> lookup webpage shows we're NOT listed. But a check of the RBL's DNS shows that we are. Then I found this on the rbl.iprange.net<https://nam03.safelinks.protection.outlook.com/?url=http%3A%2F%2Frbl.iprange.net&data=02%7C01%7C%7Cc63480c7f9a94b13c1bd08d552007f81%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C636505084442000619&sdata=1o3%2FMYkyOIXRdJg3m5SE2weuwbyvI%2FDXaF1ux6wenxU%3D&reserved=0> owner's website ():
"rbl.iprange.net<https://nam03.safelinks.protection.outlook.com/?url=http%3A%2F%2Frbl.iprange.net&data=02%7C01%7C%7Cc63480c7f9a94b13c1bd08d552007f81%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C636505084442000619&sdata=1o3%2FMYkyOIXRdJg3m5SE2weuwbyvI%2FDXaF1ux6wenxU%3D&reserved=0> (is offline since 01-01-2018) please replace it with rbl.realtimeblacklist.com<https://nam03.safelinks.protection.outlook.com/?url=http%3A%2F%2Frbl.realtimeblacklist.com&data=02%7C01%7C%7Cc63480c7f9a94b13c1bd08d552007f81%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C636505084442000619&sdata=ClOK3bagRxJ2%2BS%2BJMfr2PuNNdzJcfC6cHDRdrOhqohM%3D&reserved=0> rbl.iprange.net<https://nam03.safelinks.protection.outlook.com/?url=http%3A%2F%2Frbl.iprange.net&data=02%7C01%7C%7Cc63480c7f9a94b13c1bd08d552007f81%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C636505084442000619&sdata=1o3%2FMYkyOIXRdJg3m5SE2weuwbyvI%2FDXaF1ux6wenxU%3D&reserved=0> will mark every ip address as listed to force removal of this server."
What the heck? I've tried contacting realtimeblacklisk.com<https://nam03.safelinks.protection.outlook.com/?url=http%3A%2F%2Frealtimeblacklisk.com&data=02%7C01%7C%7Cc63480c7f9a94b13c1bd08d552007f81%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C636505084442000619&sdata=vCuDN2O4BvqZ9CZMiybGz63jRafY9zO%2FR%2F3skxVeKTo%3D&reserved=0>, but they're in the Netherlands and apparently fast asleep (in more ways than one, it seems).
-mel beckman
But what other people have rightfully pointed out is that his behavior is stupid and against the RFC that covers DNSBLs. And it's not simply MX admins here. You have firewalls that are also affected. If you're going to run a DNSBL to advertise your mail software, perhaps do so in a way that doesn't flip the bird at everyone using it. On Tue, Jan 2, 2018 at 2:02 PM, Alexander Maassen <outsider@scarynet.org> wrote:
As the message said, they use this to force mx admins to remove their entry to stop hammering. I remember other lists did the same. Contact the remote mx admin in order to get this fixed.
Op 2 jan. 2018 om 17:57 heeft Dann Schuler <DannSchuler@hotmail.com> het volgende geschreven:
We had a Charter IP address we don’t actually send email from (it is a backup line that would only send mail if our primary line was down) Blacklisted by these guys at 10:50am EST on 1/1/18, then removed at 3:34pm EST on 1/1/18.
MXToolBox alerted us to it, I ran a manual check on their portal, which is supposed to be http://iprange.net/rbl/lookup/ but redirects to https://realtimeblacklist.com/lookup/ and it came back not listed. Since it was a line I knew we were not mailing from anyways I figured I would just deal with it in the morning, but it had cleared itself up by then.
First time I had ever even heard of this one.
Good luck!
-----Original Message----- From: NANOG [mailto:nanog-bounces+dannschuler=hotmail.com@nanog.org] On Behalf Of Mel Beckman Sent: Tuesday, January 2, 2018 11:46 AM To: nanog@nanog.org Subject: Anyone else blacklisted this morning by rbl.iprange.net?
I woke up this morning to a barrage of complaints from users that our mail servers' outbound emails are bouncing due to a blacklisting. Sure enough, mxtoolbox.com<https://nam03.safelinks.protection.outlook.com/?url=http%3A%2F%2Fmxtoolbox.com&data=02%7C01%7C%7Cc63480c7f9a94b13c1bd08d552007f81%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C636505084442000619&sdata=Bdwc8tlrQa0NnUQfeTlsM%2BNSzL5fqQi8yDUBoP2tSw8%3D&reserved=0> reports that rbl.iprange.net<https://nam03.safelinks.protection.outlook.com/?url=http%3A%2F%2Frbl.iprange.net&data=02%7C01%7C%7Cc63480c7f9a94b13c1bd08d552007f81%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C636505084442000619&sdata=1o3%2FMYkyOIXRdJg3m5SE2weuwbyvI%2FDXaF1ux6wenxU%3D&reserved=0> has blacklisted us for more than a day. However, looking up our address on the rbl.iprange.net<https://nam03.safelinks.protection.outlook.com/?url=http%3A%2F%2Frbl.iprange.net&data=02%7C01%7C%7Cc63480c7f9a94b13c1bd08d552007f81%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C636505084442000619&sdata=1o3%2FMYkyOIXRdJg3m5SE2weuwbyvI%2FDXaF1ux6wenxU%3D&reserved=0> lookup webpage shows we're NOT listed. But a check of the RBL's DNS shows that we are. Then I found this on the rbl.iprange.net<https://nam03.safelinks.protection.outlook.com/?url=http%3A%2F%2Frbl.iprange.net&data=02%7C01%7C%7Cc63480c7f9a94b13c1bd08d552007f81%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C636505084442000619&sdata=1o3%2FMYkyOIXRdJg3m5SE2weuwbyvI%2FDXaF1ux6wenxU%3D&reserved=0> owner's website ():
"rbl.iprange.net<https://nam03.safelinks.protection.outlook.com/?url=http%3A%2F%2Frbl.iprange.net&data=02%7C01%7C%7Cc63480c7f9a94b13c1bd08d552007f81%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C636505084442000619&sdata=1o3%2FMYkyOIXRdJg3m5SE2weuwbyvI%2FDXaF1ux6wenxU%3D&reserved=0> (is offline since 01-01-2018) please replace it with rbl.realtimeblacklist.com<https://nam03.safelinks.protection.outlook.com/?url=http%3A%2F%2Frbl.realtimeblacklist.com&data=02%7C01%7C%7Cc63480c7f9a94b13c1bd08d552007f81%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C636505084442000619&sdata=ClOK3bagRxJ2%2BS%2BJMfr2PuNNdzJcfC6cHDRdrOhqohM%3D&reserved=0> rbl.iprange.net<https://nam03.safelinks.protection.outlook.com/?url=http%3A%2F%2Frbl.iprange.net&data=02%7C01%7C%7Cc63480c7f9a94b13c1bd08d552007f81%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C636505084442000619&sdata=1o3%2FMYkyOIXRdJg3m5SE2weuwbyvI%2FDXaF1ux6wenxU%3D&reserved=0> will mark every ip address as listed to force removal of this server."
What the heck? I've tried contacting realtimeblacklisk.com<https://nam03.safelinks.protection.outlook.com/?url=http%3A%2F%2Frealtimeblacklisk.com&data=02%7C01%7C%7Cc63480c7f9a94b13c1bd08d552007f81%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C636505084442000619&sdata=vCuDN2O4BvqZ9CZMiybGz63jRafY9zO%2FR%2F3skxVeKTo%3D&reserved=0>, but they're in the Netherlands and apparently fast asleep (in more ways than one, it seems).
-mel beckman
-- 09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0
In article <CAN3um4xyF34vJN5KO40unaQqW+gH4HZLkwOz6O5dbtij-DE0+Q@mail.gmail.com> you write:
If you're going to run a DNSBL to advertise your mail software, perhaps do so in a way that doesn't flip the bird at everyone using it.
On the other hand if you're going to use DNSBLs, you really should do the tests in RFC 5782 every once in a while so you stop using BLs that don't exist any more. It's not hard. R's, John
Alas, these RBLs are often hard-coded into firewalls. Non-sophisticated users just think they have a check box saying "block spam". Fixing those IS hard. -mel
On Jan 4, 2018, at 4:45 PM, John Levine <johnl@iecc.com> wrote:
In article <CAN3um4xyF34vJN5KO40unaQqW+gH4HZLkwOz6O5dbtij-DE0+Q@mail.gmail.com> you write:
If you're going to run a DNSBL to advertise your mail software, perhaps do so in a way that doesn't flip the bird at everyone using it.
On the other hand if you're going to use DNSBLs, you really should do the tests in RFC 5782 every once in a while so you stop using BLs that don't exist any more. It's not hard.
R's, John
Alas, these RBLs are often hard-coded into firewalls. Non-sophisticated users just think they have a check box saying "block spam". Fixing those IS hard.
I believe there are cases where people have made it hard, but there are limits on how much I believe in protecting people from the consequences of their ineptness. Perhaps we should spin up a little DNS cache just for DNSBL queries. R's, John
In article <CAN3um4xyF34vJN5KO40unaQqW+gH4HZLkwOz6O5dbtij-DE0+Q@mail.gmail.com> you write:
If you're going to run a DNSBL to advertise your mail software, perhaps do so in a way that doesn't flip the bird at everyone using it.
On the other hand if you're going to use DNSBLs, you really should do the tests in RFC 5782 every once in a while so you stop using BLs that don't exist any more. It's not hard.
On Tue, Jan 02, 2018 at 04:46:02PM +0000, Mel Beckman quoted:
"rbl.iprange.net will mark every ip address as listed to force removal of this server."
Apparently they didn't read section 3.4 of RFC 6471: https://tools.ietf.org/html/rfc6471#page-15 Given this behavior on their part, it would seem best to not only immediately remove their old DNSBL from mail system configurations, but to never add their new one. ---rsk
In article <20180102170409.GA5619@gsp.org> you write:
On Tue, Jan 02, 2018 at 04:46:02PM +0000, Mel Beckman quoted:
"rbl.iprange.net will mark every ip address as listed to force removal of this server."
Apparently they didn't read section 3.4 of RFC 6471:
I agree that listing the world is a bad idea but I feel their pain, having a few DNSBL-like things here that are hammered on at great length by broken clients. If you want the traffic to go away, what do you do? I run a little DNS server at contacts.abuse.net that provides abuse contact information in TXT records. For reasons I can only imagine, a few hosts hammer on them like crazy (one seems to have the goal of looking up every 2ld in the .at domain) which is a pain. So I've started doing nameserver poisoining. If one of those annoying hosts asks for, say, foo.bar.contacts.abuse.net which is how you ask for the contacts for domain foo.bar, it returns bar.contacts.abuse.net. NS 604800 abcde.n.contacts.abuse.net. ... bar.contacts.abuse.net. NS 604800 qwert.n.contacts.abuse.net. with 12 fake NS records with randomish hostnames. Then when they do A or AAAA lookups for those host names, I send back a couple of dozen fake A or AAAA records. In my experience that makes them go away pretty fast, with only the occasional revisit when they want something in an obscure TLD that I haven't poisoned yet. This is all written in perl, which turned out to be pretty easy, and not using Net::DNS or anything like that, either. I suppose if I wanted to do this on behalf of a normal nameserver I could use some packet filters to divert traffic from annoying hosts to the poison server. R's, John
On Tue, 2 Jan 2018, Mel Beckman wrote:
I woke up this morning to a barrage of complaints from users that our mail servers' outbound emails are bouncing due to a blacklisting. Sure enough, mxtoolbox.com<http://mxtoolbox.com> reports that rbl.iprange.net<http://rbl.iprange.net> has blacklisted us for more than a day. However, looking up our address on the rbl.iprange.net<http://rbl.iprange.net> lookup webpage shows we're NOT listed. But a check of the RBL's DNS shows that we are. Then I found this on the rbl.iprange.net<http://rbl.iprange.net> owner's website ():
"rbl.iprange.net<http://rbl.iprange.net> (is offline since 01-01-2018) please replace it with rbl.realtimeblacklist.com<http://rbl.realtimeblacklist.com> rbl.iprange.net<http://rbl.iprange.net> will mark every ip address as listed to force removal of this server."
What the heck? I've tried contacting realtimeblacklisk.com<http://realtimeblacklisk.com>, but they're in the Netherlands and apparently fast asleep (in more ways than one, it seems).
If you do manage to get ahold of anyone there, you might suggest they read section 3.4 of https://tools.ietf.org/html/draft-irtf-asrg-bcp-blacklists-10 There's a right way to shut down a DNSBL that's been tested and used by others. Listing the world is not the right way. ---------------------------------------------------------------------- Jon Lewis, MCP :) | I route | therefore you are _________ http://www.lewis.org/~jlewis/pgp for PGP public key_________
LOL! Apparently Level3 (my upstream) at least has blacklisted their IP, way before it gets anywhere near the Netherlands! traceroute rbl.iprange.net traceroute to rbl.iprange.net (80.127.112.180), 64 hops max, 40 byte packets 1 router1.sb.becknet.com (206.83.0.1) 0.862 ms 0.415 ms 0.365 ms 2 206-190-77-9.static.twtelecom.net (206.190.77.9) 0.817 ms 1.234 ms 0.734 ms 3 ae1-90g.ar7.lax1.gblx.net (67.17.75.18) 2.933 ms 3.023 ms 2.928 ms 4 ae10.edge1.losangeles9.level3.net (4.68.111.21) 3.040 ms 2.996 ms 3.040 ms 5 * * * 6 * * * 7 * * * Thank you Level3! Now if other major backbone providers will do the same, we might inoculate the Internet from this ignorant RBL operator quickly. -mel
On Jan 2, 2018, at 9:10 AM, Jon Lewis <jlewis@lewis.org> wrote:
On Tue, 2 Jan 2018, Mel Beckman wrote:
I woke up this morning to a barrage of complaints from users that our mail servers' outbound emails are bouncing due to a blacklisting. Sure enough, mxtoolbox.com<http://mxtoolbox.com> reports that rbl.iprange.net<http://rbl.iprange.net> has blacklisted us for more than a day. However, looking up our address on the rbl.iprange.net<http://rbl.iprange.net> lookup webpage shows we're NOT listed. But a check of the RBL's DNS shows that we are. Then I found this on the rbl.iprange.net<http://rbl.iprange.net> owner's website ():
"rbl.iprange.net<http://rbl.iprange.net> (is offline since 01-01-2018) please replace it with rbl.realtimeblacklist.com<http://rbl.realtimeblacklist.com> rbl.iprange.net<http://rbl.iprange.net> will mark every ip address as listed to force removal of this server."
What the heck? I've tried contacting realtimeblacklisk.com<http://realtimeblacklisk.com>, but they're in the Netherlands and apparently fast asleep (in more ways than one, it seems).
If you do manage to get ahold of anyone there, you might suggest they read section 3.4 of
https://tools.ietf.org/html/draft-irtf-asrg-bcp-blacklists-10
There's a right way to shut down a DNSBL that's been tested and used by others. Listing the world is not the right way.
---------------------------------------------------------------------- Jon Lewis, MCP :) | I route | therefore you are _________ http://www.lewis.org/~jlewis/pgp for PGP public key_________
participants (8)
-
Alexander Maassen
-
Dann Schuler
-
John Levine
-
John R. Levine
-
Jon Lewis
-
Mel Beckman
-
Mike Hale
-
Rich Kulawiec